Page 603 of 3790 results (0.043 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Desbordamientos de enteros en la función xt_alloc_table_info en net/netfilter/x_tables.c en el kernel de Linux hasta la versión 4.5.2 en plataformas de 32-bit permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt. • https://www.exploit-db.com/exploits/39545 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1 http://www.securityfocus.com/bid/84305 http://www.ubuntu.com/usn/USN-2930-1 http://www.ubuntu.com/usn/USN-2930-2 http://www.ubuntu.com/usn/USN-2930-3 http://www.ubuntu.com/usn/USN-3054-1 http://www.ubuntu.com/usn/USN-3055-1 http://www.ubuntu.com/usn/USN-3056-1 http://www.ubuntu.com/usn/USN • CWE-189: Numeric Errors •

CVSS: 8.4EPSS: 0%CPEs: 16EXPL: 1

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. El subsistema netfilter en el kernel de Linux hasta la versión 4.5.2 no válida ciertos campos de desplazamiento, lo que permite a usuarios locales obtener privilegios o causar una denegación de servicio (corrupción de memoria dinámica) a través de una llamada IPT_SO_SET_REPLACE setsockopt. A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset. • https://www.exploit-db.com/exploits/39545 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. La función pagemap_open en fs/proc/task_mmu.c en el kernel de Linux en versiones anteriores a 3.19.3, tal como se utiliza en Android 6.0.1 en versiones anteriores a 2016-03-01, permite a usuarios locales obtener información sensible de la dirección física leyendo un archivo pagemap, también conocido como error interno de Android 25739721. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html http://source.android.com/security/bulletin/2016-03-01.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3 http://www.securityfocus.com/bid/84265 https://github.com/torvalds/linux/commit/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. La funcionalidad LIST_POISON en include/linux/poison.h en el kernel de Linux en versiones anteriores a 4.3, como se utiliza en Android 6.0.1 en versiones anteriores a 2016-03-01, no considera adecuadamente la relación del valor mmap_min_addr, lo que hace más fácil a atacantes eludir un mecanismo de protección poison-pointer desencadenando el uso de una entrada de lista no inicializada, también conocido como error interno de Android 26186802, una vulnerabilidad diferente a CVE-2015-3636. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf http://source.android.com/security/bulletin/2016-03-01.html http://www.debian.org/security/2016/dsa-3607 http://www.openwall.com/lists/oss-security/2015/05/02/6 http://www.securityfocus.com/bid/84260 http://www.ubuntu.com/usn/USN-2967-1 http://www.ubuntu.com/usn/USN-2967-2 http://www.ubuntu.com/usn/USN-2968-1 http://www.ubuntu.com/usn/USN-2968 • CWE-908: Use of Uninitialized Resource •

CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 1

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función ati_remote2_probe en drivers/input/misc/ati_remote2.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB. Linux kernel version 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB device requiring the ati_remote2 driver. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org •